Method for Digital Currency Intra-Chain and Cross-Chain Off-Chain Payments Based on Trusted Hardware

The present application claims priority to Chinese Patent Application No. 202410312614.7, filed on Mar. 19, 2024, the content of which is incorporated herein by reference in its entirety.

The present disclosure belongs to the field of information technology, and in particular, to a method for digital currency intra-chain and cross-chain off-chain payments based on trusted hardware.

With the continuous development of blockchain and digital currency, the transaction volume in digital currencies is gradually increasing, demanding higher levels of security and efficiency of transactions. The traditional blockchain transaction method mainly relies on the open account books among network participants, which largely ensures the transparency and non-tampering of the transaction but also presents issues such as low transaction efficiency, high cost and insufficient privacy protection.

To address these challenges, various off-chain trading solutions have been proposed. However, the performance of solutions such as lightning network still exhibits weak performance, and there are some security and reliability issues.

Moreover, with the emergence of different kinds of cryptocurrencies, such as Bitcoin and Ethereum, and digital currency, the central bank, the demand for cross-chain transactions is more and more urgent, but most off-chain trading systems do not support cross-chain transactions.

Therefore, it is necessary to develop a safe, efficient and cross-chain trading system and method. In this respect, trusted hardware such as hardware security module (HSM) and trusted execution environment (TEE) provide a potential solution.

The object of the present disclosure is to solve the above problems, and to provide a method for digital currency intra-chain and cross-chain off-chain payments based on trusted hardware to realize safe and efficient digital currency intra-chain or cross-chain payment.

According to a first aspect of the embodiment of the present disclosure, there is provided a method for digital currency intra-chain and cross-chain off-chain payments based on trusted hardware, including the following steps:

Further, storing, by the trusted hardware system of the payer or the payee, the public-private key pair (pk,sk) in the confidential storage space comprises: directly storing the public-private key pair in the trusted hardware or encrypting the public-private key pair by the trusted hardware with a key that does not leak and storing the public-private key pair in a specific area, wherein data stored in the confidential storage space are not capable of being read by any device, system, software or user except the trusted hardware system in any way.

Further, before verifying by the payee in the step (3), when there has been no prior transaction between the payee and the payer, calling, by the software system of the payee, trusted hardware attestation technology to verify whether the trusted hardware system of the payer is running on a reliable trusted hardware, and when verifying being passed, obtaining the public key of the trusted hardware signatureof the payer and storing the public key of the trusted hardware signatureof the payer in the software system of the payee.

Further, after the step (6) when the payee needs to withdraw a digital currency, following steps are performed:

Inputting, by the software system of the payee, a public key pk′to the trusted hardware system of the payee, requesting the trusted hardware system of the payee to transfer (pk, sk), performing, by the trusted hardware system of the payee, asymmetric encryption on skby using pk′, to generate a ciphertext C′, deleting (pk,sk) from the confidential storage space, signing the ciphertext C′by a trusted hardware signature private keyto generate a signature σ″, and sending the ciphertext C′and the signature σ″to the software system of the payee.

Verifying, by the software system of the payee, whether σ′is a signature for pkby the payee usingand whether σ″is a signature for the ciphertext C′by the trusted hardware system of the payee usingby using the, when said verifying being passed, decrypting, by a corresponding private key sk′of the public key pk′, the ciphertext C′to obtain sk, generating, by the software system of the payee, a transaction of transferring from addr to the personal digital currency address of the payee by using (pk,sk), and submitting the transaction to the blockchain for withdrawal for the digital currency.

According to a second aspect of the embodiment of the present disclosure, there is provided a method for digital currency intra-chain and cross-chain off-chain rescuable payments based on trusted hardware, including the following steps:

Further, for a digital currency that supports deferred transactions, generating, by the trusted hardware system of the payer, a transaction txsigned with sk, with a nTimeLock field being the earliest rescue time t expected by the payer and a SIGHASH flag bit being SIGHASH_ALL, and transferred from addr to addr, and returning the transaction txas the rescue object to the software system of the payer.

For a digital currency that does not support deferred transactions but supports smart contracts, generating, by the trusted hardware system of the payer, a deferred transfer function that calls smart contracts that support deferred transactions, so as to achieve a called transactions callof transferring from addr to addrwith an earliest executable time being t, and returning the transaction callas the rescue object to the software system of the payer.

For a digital currency that does not support deferred transactions or smart contracts, obtaining, by the trusted hardware system of the payer, a current time tthrough a trusted clock or trusted timing point, generating a time lock puzzle puzzlewith a secret being sk, a computing performance being a current computing performance constant and an unlocking duration being t−tthrough a generation algorithm in a time lock puzzle algorithm, and returning the time lock puzzle puzzleto the software system of the payer as the rescue object, wherein the time lock puzzle algorithm comprises but is not limited to RSW time lock puzzle algorithms.

Further, a process for the payer to retrieve the digital currency deposited at addr to the rescue address addrincludes:

For the digital currency that supports the deferred transactions, after submitting the earliest rescue time t expected by the payer, submitting, by the payer, txto a blockchain system through the software system of the payer or any blockchain client supporting the digital currency, and retrieving the digital currency deposited at addr to the rescue address addrafter confirmation by the blockchain system.

For the digital currency that does not support the deferred transactions but supports the smart contracts, after submitting the earliest rescue time t expected by the payer, submitting, by the payer, callto the blockchain system through the software system of the payer or any blockchain client that supports the digital currency, and retrieving the digital currency deposited at addr to the rescue address addrafter confirmation by the blockchain system.

For the digital currency that does not support the deferred transactions or the smart contracts, immediately starting, by the payer, to execute a decryption algorithm of the corresponding time lock puzzle algorithm after obtaining puzzle, solving, by the payer, puzzleto obtain skbefore and after the earliest rescue time t expected by the payer, generating a transaction of transferring from addr to the personal digital currency address of the payer with the software system, and submitting the transaction to the blockchain to retrieve the digital currency.

Further, after step (6), if the payee needs to withdraw a digital currency, then:

Sending, by the software system of the payee, a public key pk′to the trusted hardware system of the payee, requesting the trusted hardware system of the payee to transfer (pk,sk), performing, by the trusted hardware of the payee asymmetric encryption on skby using pk′, to generate a ciphertext C′, deleting (pk,sk) from the confidential storage space, signing the ciphertext C′by a trusted hardware signature private key, to generate a signature σ″, and returning the ciphertext C′and the signature σ″to the software system of the payee.

Verifying, by the software system of the payee, whether σ′is a signature for pkby the payee using, usinpto verily whether σ″is a signature for C′by the trusted hardware system of the payee usingby using, when said verifying being passed, decrypting, by the corresponding private key sk′of the public key pk′, the ciphertext C′to obtain sk, generating, by the payee, a transaction of transferring from addr to the personal digital currency address of the payee by using (pk,sk) through the software system of the payee, and submitting the transaction to the blockchain for withdrawal for the digital currency.

According to a third aspect of the embodiment of the present disclosure, there is provided an electronic device, including: one or more processors; and a memory for storing one or more programs.

When the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the method according to the first aspect.

According to a fourth aspect of the embodiment of the present disclosure, there is provided a computer-readable storage medium having computer instructions stored thereon. The instructions, when executed by a processor, implement the steps of the method according to the first aspect.

The technical solutions provided by the embodiment of the present disclosure can include the following beneficial effects:

The present disclosure proposes a method for digital currency intra-chain and cross-chain off-chain payments based on trusted hardware. The method replaces the on-chain payment with a public-private key pair saved and managed by a trusted hardware system, and the security of the transaction is ensured by the trusted hardware, thereby avoiding complicated on-chain transaction steps, reducing lengthy on-chain transaction times, eliminating high on-chain transaction costs, ignoring differences between blockchain systems to support cross-chain transactions, and thus greatly improving the digital currency intra-chain and cross-chain payment efficiency and significantly reducing the digital currency payments. Compared with the related art, embodiments of the present disclosure achieve cross-chain payments for the digital currency, greatly improving the timeliness and convenience of the digital currency intra-chain and cross-chain transaction payment flow, ensuring its security, and reducing its payment cost.

The present disclosure further provides a method for digital currency intra-chain and cross-chain off-chain rescuable payment based on trusted hardware. On the basis of the above payment method, the corresponding rescue object generation process and the process of using rescue objects to retrieve digital currencies are proposed according to different digital currency types, thereby avoiding the problem of asset loss caused by damage or loss of trusted hardware.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the present disclosure.

Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the drawings, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present disclosure.

The terminology used in the present disclosure is for the purpose of describing specific embodiments only and is not intended to limit the present disclosure. The singular forms “a”, “said” and “the” used in the present disclosure and the appended claims are further intended to include the plural forms, unless the context clearly indicates other meaning. It should further be understood that the term “and/or” as used herein refers to and includes any or all possible combinations of one or more associated listed items.

It should be understood that although the terms first, second, third, etc. may be used in the present disclosure to describe various information, this information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other. For example, without departing from the scope of the present disclosure, the first information can further be called the second information, and similarly, the second information can further be called the first information. Depending on the context, the word “if” as used herein can be interpreted as “when” or “in case of” or “in response to a determination”.

The method for digital currency intra-chain and cross-chain off-chain payments based on trusted hardware in the embodiment of the present disclosure mainly involves two participants, namely a payer and a payee. The payer and the payee can be institutions (such as commercial banks) or ordinary users (such as commodity buyers and sellers). The digital currency transaction can take place under the scenes of off-chain commodity transaction, online electronic payment and the like. As shown in, the payer has a software system running on a computer device or a mobile device and a trusted hardware system running on trusted hardware, and the payee has at least the software system. Understandably, in practice, the same user can appear as the payer and the payee in different digital currency transactions.

is a schematic diagram of a method for digital currency intra-chain and cross-chain off-chain payments based on trusted hardware according to an exemplary embodiment. As shown in, the method mainly involves the following steps:

It should be noted that each trusted hardware system automatically generates two public-private key pairs randomly after initialization: 1) one for encryption (,), where the former is a public key and the latter is a private key; and 2) one for signing (,). The former is a public key and the latter is a private key. When a payee and a payer lave a transaction for the first time, they should use the attestation technology attached to their trusted hardware to verify that the payer is using a reliable trusted hardware, and obtain the trusted hardware signature public keythe above payer and save it in the software system of the payee.

The trusted hardware can be implemented by a hardware security module (HSM) or a trusted execution environment (TEE), and its specific implementation includes but is not limited to Intel SGX, ARM TrustZone and other popular TEE or HSM solutions.

It should be noted that the trusted hardware provides a secret storage function, which can save, read, update and delete confidential contents into a confidential storage space. Its implementation methods include but are not limited to storing confidential contents in a storage chip in the trusted hardware, encrypting the confidential contents with an encryption key built in the trusted hardware and storing the encrypted ciphertext in a storage space outside the trusted hardware. After being written, the confidential content cannot be read, modified or deleted by any device, user, system or software in any way, and after being deleted, it cannot be recovered and read by any device, user, system or software in any way.

The process of randomly generating a public-private key pair refers to randomly generating a public-private key pair based on digital signature solutions of asymmetric encryption, including but not limited to RSA, ECDSA, Schnorr and SM-2.

The process of generating a signature refers to the process of generating a digital signature for a signature content by using a signature algorithm based on asymmetric encryption corresponding to a private key after inputting the private key and the signature content.

It should be noted that it is common knowledge in this field that there is a blockchain system for the digital currency, and the digital currency address can be calculated according to the public key according to the method specified by the digital currency, which will not be repeated here.

In this step, whether there is a digital currency at the address addr/account on the blockchain system is browsed through the built-in blockchain browser or other blockchain browsers or any method.

In this step, if there has been no prior transaction between the payee and the payer, the payee should call the trusted hardware attestation technology through its software system to verify whether the trusted hardware system of the payer is running on the reliable trusted hardware. If the verification is passed, a trusted hardware signature public key of the payeris obtained and stored in the software system of the payee.

The payer inputs the public key provided by the payee to the software system of the payer, and the software system of the payer transmits the public key and the transfer request to the trusted hardware of the payer. The trusted hardware of the payer uses this public key to asymmetrically encrypt the public-private key pair in step 1 to generate a ciphertext, deletes the public-private key pair in the trusted storage space, signs the ciphertext with the private key of the trusted hardware, and returns the above ciphertext and signature to the software system of the payer.

In this step, the process of verifying the signature refers to the process of inputting the public key, signature and signature content, and then verifying whether the input signature is generated by signing the signature content with the private key corresponding to the input public key by using the verification algorithm of the digital signature solution based on asymmetric encryption.

In this step, the asymmetric decryption not only includes the input private key and the original text using asymmetric encryption solutions including but not limited to RSA, SM-2 to decrypts the ciphertext to obtain the original text, further includes the input private key, symmetric encryption ciphertext and asymmetric encryption ciphertext using the decryption algorithm of hybrid encryption solutions for decryption, that is, the input private key and asymmetric encryption ciphertext use the decryption algorithm including but not limited to AES, DES, SM-1 and other symmetric encryption solutions to obtain the one-time key, and the input one-time key and symmetric encryption ciphertext use the decryption algorithm including but not limited to RSA, SM-2 and other asymmetric encryption solutions to obtain the original text. Thereafter, optionally, when the payee acts as a new payer subsequently, skcan be paid to other users again by the above steps (1) to (5) of its software system.

Thereafter, the payee can use (pk,sk) to generate a transaction of transferring from the corresponding digital currency address addr to the personal digital currency address of the payee through its software system, and submit the transaction to the blockchain for withdrawal for the digital currency.

After the execution of the above steps, the payment part of the digital currency off-chain payment method the based on trusted hardware is completed.

As shown in, if the payee needs to withdraw a digital currency after performing step 6, the following will be executed.